fix(deps): update dependency prismjs to v1.24.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
prismjs	1.23.0 -> 1.24.0

GitHub Vulnerability Alerts

CVE-2021-32723

Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS).

Impact

When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted text.

• ASCIIDoc
• ERB

Other languages are not affected and can be used to highlight untrusted text.

Patches

This problem has been fixed in Prism v1.24.

References

• Updated refa + fixed 2 cases of exponential backtracking PrismJS/prism#2774
• Tests: Exhaustive pattern tests PrismJS/prism#2688

---

Release Notes

PrismJS/prism (prismjs)

v1.24.0

Compare Source

New components

• CFScript (#​2771) b0a6ec85
• ChaiScript (#​2706) 3f7d7453
• COBOL (#​2800) 7e5f78ff
• Coq (#​2803) 41e25d3c
• CSV (#​2794) f9b69528
• DOT (Graphviz) (#​2690) 1f91868e
• False (#​2802) 99a21dc5
• ICU Message Format (#​2745) bf4e7ba9
• Idris (#​2755) e9314415
• Jexl (#​2764) 7e51b99c
• KuMir (КуМир) (#​2760) 3419fb77
• Log file (#​2796) 2bc6475b
• Nevod (#​2798) f84c49c5
• OpenQasm (#​2797) 1a2347a3
• PATROL Scripting Language (#​2739) 18c67b49
• Q# (#​2804) 1b63cd01
• Rego (#​2624) e38986f9
• Squirrel (#​2721) fd1081d2
• URI (#​2708) bbc77d19
• V (#​2687) 72962701
• Wolfram language & Mathematica & Mathematica Notebook (#​2921) c4f6b2cc

Updated components

• Fixed problems reported by regexp/no-dupe-disjunctions (#​2952) f471d2d7
• Fixed some cases of quadratic worst-case runtime (#​2922) 79d22182
• Fixed 2 cases of exponential backtracking (#​2774) d85e30da
• AQL
  • Update for ArangoDB 3.8 (#​2842) ea82478d
• AutoHotkey
  • Improved tag pattern (#​2920) fc2a3334
• Bash
  • Accept hyphens in function names (#​2832) e4ad22ad
  • Fixed single-quoted strings (#​2792) e5cfdb4a
• C++
  • Added support for generic functions and made :: punctuation (#​2814) 3df62fd0
  • Added missing keywords and modules (#​2763) 88fa72cf
• Dart
  • Improved support for classes & generics (#​2810) d0bcd074
• Docker
  • Improvements (#​2720) 93dd83c2
• Elixir
  • Added missing keywords (#​2958) 114e4626
  • Added missing keyword and other improvements (#​2773) e6c0d298
  • Added defdelagate keyword and highlighting for function/module names (#​2709) 59f725d7
• F#
  • Fixed comment false positive (#​2703) a5d7178c
• GraphQL
  • Fixed definition-query and definition-mutation tokens (#​2964) bfd7fded
  • Added more detailed tokens (#​2939) 34f24ac9
• Handlebars
  • Added hbs alias (#​2874) 43976351
• HTTP
  • Fixed body not being highlighted (#​2734) 1dfc8271
  • More granular tokenization (#​2722) 6183fd9b
  • Allow root path in request line (#​2711) 4e7b2a82
• Ini
  • Consistently mimic Win32 INI parsing (#​2779) 42d24fa2
• Java
  • Improved generics (#​2812) 4ec7535c
• JavaScript
  • Added support for import assertions (#​2953) ab7c9953
  • Added support for RegExp Match Indices (#​2900) 415651a0
  • Added hashbang and private getters/setters (#​2815) 9c610ae6
  • Improved contextual keywords (#​2713) 022f90a0
• JS Templates
  • Added SQL templates (#​2945) abab9104
• JSON
  • Fixed backtracking issue in Safari (#​2691) cf28d1b2
• Liquid
  • Added Markup support, missing tokens, and other improvements (#​2950) ac1d12f9
• Log file
  • Minor improvements (#​2851) 45ec4a88
• Markdown
  • Improved code snippets (#​2967) e9477d83
  • Workaround for incorrect highlighting due to double wrap hook (#​2719) 2b355c98
• Markup
  • Added support for DOM event attributes (#​2702) 8dbbbb35
• nginx
  • Complete rewrite (#​2793) 5943f4cb
• PHP
  • Fixed functions with namespaces (#​2889) 87d79390
  • Fixed string interpolation (#​2864) cf3755cb
  • Added missing PHP 7.4 fn keyword (#​2858) e0ee93f1
  • Fixed methods with keyword names + minor improvements (#​2818) 7e8cd40d
  • Improved constant support for PHP 8.1 enums (#​2770) 8019e2f6
  • Added support for PHP 8.1 enums (#​2752) f79b0eef
  • Class names at the start of a string are now highlighted correctly (#​2731) 04ef309c
  • Numeral syntax improvements (#​2701) 01af04ed
• React JSX
  • Added support for general spread expressions (#​2754) 9f59f52d
  • Added support for comments inside tags (#​2728) 30b0444f
• reST (reStructuredText)
  • Fixed inline pattern (#​2946) a7656de6
• Ruby
  • Added heredoc literals (#​2885) 20b77bff
  • Added missing regex flags (#​2845) 3786f396
  • Added missing regex interpolation (#​2841) f08c2f7f
• Scheme
  • Added support for high Unicode characters (#​2693) 0e61a7e1
  • Added bracket support (#​2813) 1c6c0bf3
• Shell session
  • Fixed multi-line commands (#​2872) cda976b1
  • Commands prefixed with a path are now detected (#​2686) c83fd0b8
• SQL
  • Added ILIKE operator (#​2704) 6e34771f
• Swift
  • Added some keyword (#​2756) cf354ef5
• TypeScript
  • Updated keywords (#​2861) fe98d536
  • Added support for decorators (#​2820) 31cc2142
• VB.Net
  • Improved strings, comments, and punctuation (#​2782) a68f1fb6
• Xojo (REALbasic)
  • REM is no longer highlighted as a keyword in comments (#​2823) ebbbfd47
  • Added last missing Keyword "Selector" (#​2807) e32e043b
  • Added missing keywords (#​2805) 459365ec

Updated plugins

• Made Match Braces and Custom Class compatible (#​2947) 4b55bd6a
• Consistent Prism check (#​2788) 96335642
• Command Line
  • Don't modify empty code blocks (#​2896) c81c3319
• Copy to Clipboard
  • Removed ClipboardJS dependency (#​2784) d5e14e1a
  • Fixed clipboard.writeText not working inside iFrames (#​2826) 01b7b6f7
  • Added support for custom styles (#​2789) 4d7f75b0
  • Make copy-to-clipboard configurable with multiple attributes (#​2723) 2cb909e1
• File Highlight
  • Fixed Prism check (#​2827) 53d34b22
• Line Highlight
  • Fixed linkable line numbers not being initialized (#​2732) ccc73ab7
• Previewers
  • Use classList instead of className (#​2787) d298d46e

Other

• Core
  • Add tabindex to code blocks to enable keyboard navigation (#​2799) dbf70515
  • Fixed greedy rematching reach bug (#​2705) b37987d3
  • Added support for plaintext (#​2738) 970674cf
• Infrastructure
  • Added ESLint
  • Added npm-run-all to clean up test command (#​2938) 5d3d8088
  • Added link to Q&A to issue templates (#​2834) 7cd9e794
  • CI: Run tests with NodeJS 16.x (#​2888) b77317c5
  • Dangerfile: Trim merge base (#​2761) 45b0e82a
  • Dangerfile: Fixed how changed files are determined (#​2757) 0feb266f
  • Deps: Updated regex tooling (#​2923) ad9878ad
  • Tests: Added --language for patterns tests (#​2929) a62ef796
  • Tests: Fixed polynomial backtracking test (#​2891) 8dbf1217
  • Tests: Fixed languages test discovery a9a199b6
  • Tests: Test discovery should ignore unsupported file extensions (#​2886) 4492c5ce
  • Tests: Exhaustive pattern tests (#​2688) 53151404
  • Tests: Fixed pretty print incorrectly calculating print width (#​2821) 5bc405e7
  • Tests: Automatically normalize line ends (#​2934) 99f3ddcd
  • Tests: Added --insert and --update parameters to language test (#​2809) 4c8b855d
  • Tests: Stricter components.json tests (#​2758) 933af805
• Website
  • Copy to clipboard: Fixed highlighting (#​2725) 7a790bf9
  • Readme: Mention npm ci (#​2899) 91f3aaed
  • Readme: Added Node and npm version requirements (#​2790) cb220168
  • Readme: Update link to Chinese translation (#​2749) 266cc700
  • Replace my.cdn in code sample with Handlebars-like placeholder (#​2906) 80471181
  • Set dummy domain for CDN (#​2905) 38f1d289
  • Added MySQL to "Used by" section (#​2785) 9b784ebf
  • Improved basic usage section (#​2777) a1209930
  • Updated URL in Autolinker example (#​2751) ec9767d6
  • Added React native tutorial (#​2683) 1506f345

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.